1

A "/" when comes to servlet mapping means default servlet. How do you interpret this when comes to a URL pattern embedded inside a web-resource-collection element as below: 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>fixmyhome</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

What about "/*'? This URL pattern is not a servlet mapping since it's enclosed by tag web-resource-collection.

I also noticed using http://localhost:8081/fixmyhome/main.jsp using both URL pattern "/" and "/*" gives the same results- which is it gives me the main.jsp page. I thought "/" might not work since there's no wildcard.

Improve this question
4
  • In the context of a security-constraint that is a regular expression, and not necessarily applied to a mapping. Commented Mar 10, 2015 at 19:47
  • Actually it's not a regexp, something more like a simple pattern with wildcards, see: stackoverflow.com/questions/8570805/… Commented Mar 10, 2015 at 20:06
  • Not sure but I would say that according to this it is similar to /*. Also, see the general part of the servlet spec for url mappings here. Commented Mar 10, 2015 at 20:21
  • @MatkoMedenjak Thanks. I read the link you gave. All it says for "/" pattern is that it is the weakest pattern. I see don't see the why "/" and '/*' works for the above example. Commented Mar 14, 2015 at 19:01

4 Answers 4

Reset to default
1

The <url-pattern> is looking for an Ant pattern. The patterns available are ?, *, and **; which match 1 character, 0 or more characters, and 0 or more directories respectively.

In your case of http://localhost:8081/fixmyhome/main.jsp, both / and /* are working the same because the * is not a requirement for their to be a character.

If you have a resources directory in your root, I would imagine your <url-pattern> would looks something like this: <url-pattern>/resources/**</url-pattern>, thereby allowing you access to all sub-directories of the resources directory.

This may help provide some more clarity: https://ant.apache.org/manual/dirtasks.html

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

According to this I would say that by writing / you are restricting access to the servlet while by writing /* you are restricting access to a certain path. So essentially "/" and "/*" would be the same.

Improve this answer

Comments

0

The url pattern under security constraint does not belong to any mapping for servlet instead it is a regular expression. With the security constraint you can allow/restrict users with the mentioned role (in auth-constraint) for the given URL pattern.

Improve this answer

1 Comment

I do agree with you this is just a regular expression. However if so why "/" and "/*" gives the same output for the above example?
0

Section 12.2 of servlet specification (version 3) states following:

  • A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
  • A string beginning with a ‘*.’ prefix is used as an extension mapping.
  • The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e.,requests of the form http://host:port/contextroot/. In this case the path info is ’/’ and the servlet path and context path is empty string (““).

  • A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path
    is the request URI minus the context path and the path info is null.

  • All other strings are used for exact matches only

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.